WikiLeaks Mirror Sites Lose Web Hosting Services

Web host SiteGround has suspended the accounts of at least two WikiLeaks mirror sites claiming the presence of the files put the host at risk for a DDOS attack.

First it was WikiLeaks. Now, several mirror sites appear
to be in the crosshairs, as another Web host, this time SiteGround, suspended
accounts claiming the sites violated the Terms of Service, engaged in illegal
activity and were at risk for potential DDoS attacks.
According to a post by Electronic
Frontier Foundation's Marcia Hofmann on Dec. 22, a WikiLeaks mirror was
shut down by its host, SiteGround, as result of pressure from its upstream
provider, SoftLayer. SoftLayer claimed the mirror Wikileaks site violated the
company's Acceptable Use Policy and ToS, wrote Hofmann.

A Google search turned up at least two users who claimed
their WikiLeaks mirrors had been shut down by SiteGround. While the EFF post
didn't identify the mirror's owner by name, the stories were identical.

One user, Mark
McCoy, a self-professed anarchist, posted on his blog the entire e-mail
thread between him, SiteGround and SoftLayer. SiteGround initially informed
McCoy that "some illegal activity" had been performed through his site which
"severely" violated SiteGround's Terms of Use and Acceptable Use Policy. The
letter indicated the complaint came from SoftLayer.
SiteGround said in the letter that when "illegal
activity" is detected, the company had to "take immediate actions to stop that
activity," or risk having the entire server "unplugged." SiteGround said McCoy
needed to scan his computer with an antivirus software, change his account's
password and delete all the infringing files in the directory. The infringing
files, according to the list, were the WikiLeaks cables that had been uploaded
to his account.
"Before I delete the 'evidence,' could you tell me what
the exact violation is?" wrote McCoy, noting that the initial e-mail had implied
he had malware or an exploit on the site, not HTML and Javascript files.
McCoy pressed SiteGround for actual details on the
violation, but the host declined to do so, noting that since the order to
suspend his account came from SoftLayer, "We had to comply."
According to the chain of letters posted on the blog,
McCoy then wrote to SoftLayer to discover the exact violation. As there were no
further updates, it appears SoftLayer never responded, but McCoy does not
maintain a mirror at this time.
According to Hofmann, a customer who had been shut down by
SiteGround was told SoftLayer wanted the mirror taken down because it was
worried about the potential for distributed denial of service attacks. The user
pointed out that no attack had happened and this rationale would allow the company
to "use hypothetical future events" to take down any site, Hofmann wrote.
"It's incredibly disappointing to see more service
providers cutting off customers simply because they decide (or fear) that
content is too volatile or unpopular to host," wrote Hofmann.
Internet intermediaries need to stick up for their
customers, not undermine their freedom to speak online, according to Hofmann.
She said censorship was
a "slippery slope," with the first victim as WikiLeaks, followed by a mirror.
She wondered whether a news organization that posted cables or analysis of the
documents could be knocked offline. "If intermediaries are willing to use the
potential for future DDoS attacks as a reason to cut off users, they can cut
off anyone for anything," said Hofmann.
WikiLeaks lost its Web
and DNS services shortly after it began posting the leaked cables. Since
then, it has moved to non-U.S.-based providers and relies on more
than 1,000 mirror sites to stay online.